Michael Varga wrote:
Hi,
I wrote a NF_IP_PRE_ROUTING hook to capture packets for an IPSec implimentation.
Is there a way to make netfilter assemble fragments before=20
recieving them in my netfilter hook?
If you use a kernel 2.4, you won't see any fragments since netfilter assembles them before hitting NF_IP_PRE_PREROUTING. On the other hand, if your box runs a kernel 2.6, assemble them by yourself. Have a look at skb_linearize. Previously check that it's non linear with skb_is_non_linear.
http://lxr.linux.no/source/include/linux/skbuff.h#L1041 http://lxr.linux.no/source/include/linux/skbuff.h#L655
Since you get packets from interrupt context, make sure you pass the GFP_ATOMIC flag to skb_linearize.
-- Pablo
